Crux — Privacy Policy

Introduction

Crux is a Chrome extension built and maintained by tooltree.dev. This policy explains what data is collected, how it is used, and what controls you have. We believe in radical simplicity: we collect only what is strictly necessary for the extension to work.

Information We Collect

1. Google account information (when you sign in)

• Display name
• Email address
• Profile photo URL
• Google UID (used as your unique user identifier)

This is collected via Google Sign-In (OAuth2) through Chrome's identity API. We never see your Google password.

2. Task data (stored in the cloud)

• Task titles, descriptions, statuses, categories
• Due dates and reminder times
• Jira ticket references (key, URL, priority, status)
• Creation and update timestamps

Stored in Firebase Firestore, scoped to your user ID. No other user can access your data.

3. Data stored only on your device (never transmitted to our servers)

• Jira site URL, email, and API token — stored in chrome.storage.local, encrypted at rest by Chrome itself
• App settings (dark mode, sync interval, view preference)
• Jira filter IDs you have saved
• Draft form data

This data lives entirely on your device and is never sent to tooltree.dev or any third party.

How We Use Your Information

• To identify you and load your tasks (Google UID)
• To sync your task data across browser sessions (Firestore)
• To send reminder notifications you explicitly set (chrome.notifications)
• To connect to your Jira instance on your behalf (API token, used locally only)

We do not use your data for advertising, profiling, or any purpose beyond making the extension function.

Data Storage and Security

• Task data is stored in Google Firebase Firestore (region: us-central1)
• Firebase enforces per-user security rules — your data is only accessible with your authenticated credentials
• Jira credentials are stored in chrome.storage.local which Chrome encrypts at rest on your operating system
• All communication between the extension and Firebase/Atlassian is over HTTPS

Third-Party Services

Crux uses only two external services:

Google Firebase (Auth + Firestore)

Used for authentication and cloud task storage.
Privacy policy: https://firebase.google.com/support/privacy

Atlassian (only if you connect Jira)

Your API token is used to make requests directly to your own Atlassian instance.
Atlassian privacy policy: https://www.atlassian.com/legal/privacy-policy

We use no analytics services, no advertising networks, and no other third-party SDKs.

Data Sharing

We do not sell, rent, license, or share your personal data with any third party for any purpose. Ever.

Data Retention

• Task data in Firestore: retained until you delete individual tasks, use "Clear completed tasks" in Settings, or contact us to delete your account
• Local device data: cleared automatically when you uninstall the extension
• Google account info: retained as long as your account exists in our system

To delete all your data: uninstall the extension and email us at support@tooltree.dev with subject "Delete my Crux data" and we will remove your Firestore records within 7 days.

Your Rights

Depending on your location you may have the right to:

• Access the data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your task data (use Settings → Export CSV or Export JSON)

To exercise any of these rights, contact support@tooltree.dev.

Children's Privacy

Crux is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it immediately.

Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page. Continued use of the extension after changes constitutes acceptance of the updated policy. For significant changes we will add a notice inside the extension itself.